Vb7 Caveat Emptor


Scott Dexter


(this, I guess, could qualify as a rant)

Some of you know about MS coming out with a new version of Visual Basic. VB7 will do a ton of things that will make the language a whole lot better, but of the new features, the one that will open a new security nightmare is the Web Services feature. Below is a quote from Jeff Hadfield, Publisher for the VBZone on Devx.com (http://www.devx.com/free/newsletters/vb/pubnote0323.asp):

"As I reported late last year, Microsoft's promising to make Web services easy to access as well. Web services, vital links in business and electronic commerce applications, can be built in and accessed in any language using native Internet standards. Your VB-built app, either server or client, can call a URL-based Web service to perform tasks such as inventory verification, shipping services, or credit card verification."

Basically, in over-simplified terms, VB7 finally does CGI. You can call a URL (from an HTML page, or even a program running on your machine) and that URL is a program that does something and returns data. Example:

http://myserver.com/readmypasswords.dll?uid=root --er something like that

Here's my worry (and mostly because I haven't seen it in action and it's not released yet): what stopgaps are going to 1) be in place by default and/or 2) be possible for the developer to implement to secure these 'new fangled' services?

With this kind of implementation, yes, development and procreation of information to anything from anything could/can/will skyrocket. Chances are it will spawn a wave of apps; at least a wave of old VB gentry getting on the web app bandwagon. But without developer education or sandboxing by the language, just thinking about how many new break-in points a website could/will have just plain scares me. Throw in the already incredible shortage of good developers and you have enough to keep Scott Adams happy and rich for many many years.

So. What am I saying? Be ready for it, especially if you dabble in ASP/VBScript/VB now. Start getting educated about it, because with more power comes more responsibility (you could think of VB7 as VB finally growing up into an adult language), and despite MS's attempt to make a more complicated beast easier to use (which they can do a decent job of), *you* will have to be smarter in how you use the tool(s), and be aware of the pitfalls of using them.

Oh please, let me not come across built-in buffer overruns from developing these....

sgd

--

think safely

evolt.org Evolt.org is an all-volunteer resource for web developers made up of a discussion list, a browser archive, and member-submitted articles. This article is the property of its author, please do not redistribute or use elsewhere without checking with the author.